Like just about everyone else in the SMB space, I use passwords to secure (cough) domains and workgroups alike. Sure, the fingerprint readers looked cool, but any genius with a gummi bear can bypass those. And the Smart Cards used by Microsoft employees are really slick, but those Enterprise systems cost too much. So until InfoCard gets here (hopefully in Longhorn) we’re stuck using passwords.
And it seems that at least once a month someone asks me, “What do you recommend for password length / complexity / expiration?”
Now I have the definitive answer for that question – the “Password Management & Synchronization” whitepaper, which is found in Part II of the Microsoft Identity and Access Management Series
The password chapters are:
1: Introduction
2: Approaches to Password Management
3: Issues and Requirements
4: Designing the Solution
5: Implementing the Solution
6: Testing the Solution
7: Operating the Solution
These chapters can be viewed online in HTML.
Or you can download the entire Microsoft Identity and Access Management Series in a zipped PDF format (6.6MB) here:
http://www.microsoft.com/downloads/details.aspx?FamilyId=794571E9-0926-4C59-BFA9-B4BFE54D8DD8&displaylang=en
NoGeekLeftBehind.com 